I want to be able to create addons for any game, the example I will use is League of Legends. With addons I mean, for example when my level integer changes I want to play a sound in the background.

The programming language I want to use is C#.

What I want to know is how I'm able to read my level integer inside C#, from there on I should be able to do anything I want.

What I've found out is, with a program like Cheat Engine you can look for memory values and addresses inside your RAM. And I think there is a way to assign a variable in C# to the value of a memory address. But how can I find the value of my level in the first place? The memory address might change each time I start the game or even level up. I think it has something to do with pointers, but where do I find the pointer?

But the biggest problem is that I can't even find some values I look for inside the memory. Maybe it encrypts the values? How can I find out what it does and where it puts it? An example is Flash games. If you look for the variable money that has a value of 100 you need to multiply it by 8 and look for 800 inside the memory of that process.

I am confused as to what you mean. What is this 'level integer'? And by addons people usually mean DLC-type stuff... so I don't entirely see what you're on about. And this kind of thing is very difficult with C#, since it's a managed language.
– The Communist Duck, Jun 14 '11 at 13:23

He is asking for a way to auto-map memory usage from applications, and there simply is not a way to do this other than trial and error without the source code. I suppose you could write a program that has rules to try and find this stuff out but... This to me is an over the edge question. It annoys me when people want to play outside of the rules because then developers have to punish everyone.
– James, Jun 14 '11 at 16:56

3 Answers

The question you want an answer to is inherently unanswerable ... at least in this format. You want to start poking around in the memory, which, with most modern programs can be an exercise in futility when you take into account garbage collection and memory defragmenting algorithms. That means that values will shift around in memory, and only the program itself will know the value addresses.

Without modifying the program, you probably won't be able to do what you're looking for.

You can do this in C#, but you'll likely need to P/Invoke a lot of the functionality you'd need. C or C++ is probably more well-suited to the task -- you'll have fewer hoops to jump through. There are a few open source "cheat engine" projects out there you can look at for a better idea of what you're going to have to do.

How do I find the correct memory address each time?

Mostly through trial and error. A lot of trial and error. Once you've found it the first time, you may be able to rely on the fact that it will be located at a fixed offset from the load address of the program, but this will only be true for a very small subset of the data manipulated by any given program. You will likely need to relocate the variable in memory every time.

How do I find out the way it might save a variable?

By reading the disassembled machine code of the program, you may eventually be able to locate how it modifies a particular variable. This will be extremely tedious.

I think you are biting off way more than you can chew here, but the basic (naive) premise here is that you have to scan the process memory for a value that matches the one you are after -- if you have 100 hit points, you start walking the entire thing looking for values of 100 (as 8, 16 and 32 bit values) and keeping track of the addresses you find. Once you have that initial set, you change the value you are looking for -- get hit, for example, so you now have 94 hit points. Then you scan the addresses you found before to see which ones are now 94. You can eventually narrow down the address in question this way.

Of course this doesn't always work; sometimes you'll only find a display value and not the real representation of health (which may be stored as a float from 0 to 1 instead of an integer from 1 to 100) in which case modifying that integer won't really impact game play at all -- you'd still die, you'd just have a full health meter when you did so. Games and technology vary wildly, and what works for one will usually not work for others.

This is generally a very complex topic and the above is only a very naive, superficial overview. Practically speaking you're probably much better off simply using an existing tool or contributing to an open source project oriented at making one, because the way you've phrased your question honestly makes it sound like you aren't ready for this kind of project.
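The narrowing scan described in the answer above, as an added example (not code from the original post). It runs over a constructed 32-byte buffer instead of a live process, and the names first_scan, next_scan and demo are illustrative. The list ends with two readings of the same offset, because a value of 300 fits in both 16 and 32 bits.

```c
#include <stdint.h>
#include <stdio.h>
typedef struct { size_t off; int width; } cand_t;  /* width in bytes: 1, 2 or 4 */

/* Little-endian unsigned value of `width` bytes at offset `off`. */
static uint32_t read_le(const uint8_t *m, size_t off, int width) {
    uint32_t v = 0;
    for (int i = 0; i < width; i++) v |= (uint32_t)m[off + i] << (8 * i);
    return v;
}

/* First pass: record every offset/width that currently equals `want`. */
size_t first_scan(const uint8_t *m, size_t len, uint32_t want, cand_t *out, size_t max) {
    size_t n = 0;
    for (size_t off = 0; off < len; off++)
        for (int w = 1; w <= 4; w *= 2)
            if (off + w <= len && n < max && read_le(m, off, w) == want)
                out[n++] = (cand_t){off, w};
    return n;
}

/* Later passes: keep only the candidates that now equal `want`. */
size_t next_scan(const uint8_t *m, uint32_t want, cand_t *c, size_t n) {
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (read_le(m, c[i].off, c[i].width) == want) c[kept++] = c[i];
    return kept;
}

static void put32(uint8_t *m, size_t off, uint32_t v) {  /* store little-endian */
    for (int i = 0; i < 4; i++) m[off + i] = (uint8_t)(v >> (8 * i));
}
/* Constructed 32-byte "memory"; counts[] gets the list size after each pass. */
size_t demo(cand_t *c, size_t max, size_t counts[3]) {
    uint8_t mem[32] = {0};
    put32(mem, 4, 100); mem[20] = 100;  /* unrelated data that happens to hold 100 */
    put32(mem, 12, 100);                /* the tracked value, a 32-bit integer */
    counts[0] = first_scan(mem, sizeof mem, 100, c, max);
    put32(mem, 12, 94);                 /* value changes 100 -> 94 */
    counts[1] = next_scan(mem, 94, c, counts[0]);
    put32(mem, 12, 300);                /* above 255: rules out the 1-byte reading */
    return counts[2] = next_scan(mem, 300, c, counts[1]);
}

int main(void) {
    cand_t c[16]; size_t n[3];
    demo(c, 16, n);
    printf("candidates per pass: %zu -> %zu -> %zu\n", n[0], n[1], n[2]);
    return 0;
}
```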

To find a static memory address you can use Cheat Engine.
Scan for your health variable, right-click it and press Pointer scan for this address.
A pointer basically points to another memory address that might hold a useful value.
It is possible that you have a multilevel pointer, a pointer to a pointer to a pointer to a pointer to your health variable.
This scan will look for all memory addresses that have the value of your variable's address.
This list can be gigantic when finished scanning; therefore you must close and reopen your game, look for your health variable again and open your old pointer scan results. Now you need to rescan the pointers with the new memory address of your health. Each time you do this cycle your list will get narrower and narrower until you get an accurate base pointer that is always correct.

If the memory values are 'encrypted' (for example, Flash Player multiplies your variable by 8 before putting it into memory and divides it when utilising it), you can use Cheat Engine's scanning methods to scan for Unknown initial value in order to find your variables and base pointers. Lose some health in the game and look for decreased values, heal in the game and look for increased values. Repeat this cycle until you get an accurate result. Now you can find out the ratio between the health value displayed in the game and the value you have found in Cheat Engine.

I've been able to read my League of Legends Health, maxHealth and Level variables since yesterday. I've learned a lot and for what I'm aiming for I will have to learn A LOT more.
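The "Unknown initial value" procedure from the answer above, as an added example that is not part of the original post: every word starts as a candidate, decreased/increased comparisons between snapshots narrow the list, and the survivor is compared with the displayed value to recover the ratio of 8. The snapshots are constructed, and the names rel_scan, scale_of and demo_scale are illustrative.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum rel { DECREASED, INCREASED };

/* Keep the word indices whose value moved in direction `r` between snapshots. */
size_t rel_scan(const uint32_t *prev, const uint32_t *cur,
                size_t *idx, size_t n, enum rel r) {
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t a = prev[idx[i]], b = cur[idx[i]];
        if ((r == DECREASED && b < a) || (r == INCREASED && b > a))
            idx[kept++] = idx[i];
    }
    return kept;
}

/* Ratio stored/displayed when it is a whole number, otherwise 0. */
uint32_t scale_of(uint32_t stored, uint32_t displayed) {
    return (displayed && stored % displayed == 0) ? stored / displayed : 0;
}

#define WORDS 6
/* Constructed snapshots: word 2 holds health*8, word 1 is a countdown timer,
   word 4 is a counter that only grows, the rest never change. */
uint32_t demo_scale(size_t *survivors) {
    uint32_t s0[WORDS] = {7, 5000, 800, 42, 1000, 0};  /* displayed health 100 */
    uint32_t s1[WORDS] = {7, 4990, 752, 42, 1010, 0};  /* hit: displayed 94 */
    uint32_t s2[WORDS] = {7, 4980, 800, 42, 1020, 0};  /* healed: displayed 100 */
    size_t idx[WORDS], n = WORDS;
    for (size_t i = 0; i < WORDS; i++) idx[i] = i;  /* unknown initial value */
    n = rel_scan(s0, s1, idx, n, DECREASED);        /* leaves words 1 and 2 */
    n = rel_scan(s1, s2, idx, n, INCREASED);        /* leaves word 2 only */
    *survivors = n;
    return n == 1 ? scale_of(s2[idx[0]], 100) : 0;
}

int main(void) {
    size_t n;
    uint32_t k = demo_scale(&n);
    printf("survivors=%zu scale=%u\n", n, (unsigned)k);
    return 0;
}
```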